Add CRA Conformity Assessment Process and Open Source Policy conformity; improve architecture doc cross-references and typedoc coverage

[Copilot]

• Analyze CRA_Conformity_Assessment_Process.md from ISMS-PUBLIC
• Analyze Open_Source_Policy.md from ISMS-PUBLIC
• Audit current CRA-ASSESSMENT.md against both policies
• Add Open Source Policy Conformity section to CRA-ASSESSMENT.md (7 subsections covering all OSP §1-§7 requirements with evidence)
• Add CRA Conformity Assessment Process Alignment section to CRA-ASSESSMENT.md (9-step process matrix + classification badges)
• Add CRA_Conformity_Assessment_Process.md reference to CRA-ASSESSMENT.md ISMS Policy Framework
• Update CRA-ASSESSMENT.md Purpose & Scope to reference both policies
• Update CRA-ASSESSMENT.md Document Control with policy alignment lines and updated dates (v1.1)
• Add ISMS Policy References table to SECURITY_ARCHITECTURE.md Related Documents section
• Add CRA_Conformity_Assessment_Process.md to SECURITY_ARCHITECTURE.md governance policy table
• Add Open_Source_Policy and CRA_Conformity_Assessment_Process to THREAT_MODEL.md ISMS policies
• Add ISMS Policy Alignment section to README.md Security Documentation
• Fix CIA triad Availability classification inconsistency: aligned CRA-ASSESSMENT.md Classification Selections from "Moderate" → "High" to match README.md and OSP §5 declaration (per Hack23 ISMS CLASSIFICATION.md)
• Fix FUTURE_THREAT_MODEL.md next review date from 2026-06-19 → 2026-05-19 to align with quarterly review cycle (Feb, May, Aug, Nov)
• Code review passed (0 comments)
• CodeQL security scan passed (0 alerts)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

🏷️ Automatic Labeling Summary

This PR has been automatically labeled based on the files changed and PR metadata.

Applied Labels: size-xs

Label Categories

• 🗳️ Content: news, dashboard, visualization, intelligence
• 💻 Technology: html-css, javascript, workflow, security
• 📊 Data: cia-data, riksdag-data, data-pipeline, schema
• 🌍 I18n: i18n, translation, rtl
• 🔒 ISMS: isms, iso-27001, nist-csf, cis-controls
• 🏗️ Infrastructure: ci-cd, deployment, performance, monitoring
• 🔄 Quality: testing, accessibility, documentation, refactor
• 🤖 AI: agent, skill, agentic-workflow

For more information, see .github/labeler.yml.

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[Copilot]

Pull request overview

This PR strengthens ISMS/CRA conformity evidence across the repository’s architecture and security documentation while expanding TypeDoc configuration and API documentation navigation to improve internal/external traceability.

Changes:

• Added CRA Conformity Assessment Process + Open Source Policy conformity/alignment content and expanded cross-references across architecture/security docs.
• Expanded FUTURE_THREAT_MODEL.md with attacker-centric analysis, attack trees, kill chain disruption, and LLM/workflow threat matrices.
• Updated TypeDoc configuration (custom tags, navigation links, visibility settings) and TypeDoc tsconfig exclude globs; refreshed docs/API_README.md.

Reviewed changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
typedoc.json	Updates TypeDoc branding, block tags, navigation/sidebar links, and inclusion settings for broader API coverage.
tsconfig.typedoc.json	Refines exclude patterns (glob-based) for TypeDoc compilation scope.
THREAT_MODEL.md	Adds ISMS policy links for Open Source Policy and CRA Conformity Assessment Process.
SWOT.md	Adds “Hack23 ISMS Policies” cross-reference section.
STATEDIAGRAM.md	Adds “Hack23 ISMS Policies” cross-reference section.
SECURITY_ARCHITECTURE.md	Adds ISMS policy reference table and CRA policy entry in policy inventory.
README.md	Adds an “ISMS Policy Alignment” section with direct links to key policies.
MINDMAP.md	Adds “Hack23 ISMS Policies” cross-reference section.
FUTURE_THREAT_MODEL.md	Major expansion: attacker-centric modeling, attack trees, kill chain analysis, AI/LLM threat mapping, and monitoring KPIs.
FUTURE_SWOT.md	Adds “Related Documents” architecture portfolio table + ISMS policy links.
FUTURE_STATEDIAGRAM.md	Adds “Related Documents” architecture portfolio table + ISMS policy links.
FUTURE_SECURITY_ARCHITECTURE.md	Adds architecture portfolio cross-reference table.
FUTURE_MINDMAP.md	Adds “Related Documents” architecture portfolio table + ISMS policy links.
FUTURE_DATA_MODEL.md	Adds “Related Documents” architecture portfolio table + ISMS policy links.
FUTURE_ARCHITECTURE.md	Marks multiple future-doc entries as active and links them to the correct files.
FLOWCHART.md	Adds “Related Documents” architecture portfolio table + ISMS policy links.
docs/API_README.md	Expands compliance + architecture portfolio tables and adds ISMS policy references.
CRA-ASSESSMENT.md	Adds Open Source Policy conformity evidence + CRA Conformity Assessment Process alignment matrix; updates versioning metadata.
ARCHITECTURE.md	Adds “Related Documents” + ISMS policy/references and bumps document control version/date.
.gitignore	Adds an api/ ignore rule (currently problematic given existing /api/ and docs/api/ usage).

[pethers]

@copilot apply changes based on the comments in this thread follow hack23 isms classification

[Copilot]

@copilot apply changes based on the comments in this thread follow hack23 isms classification

Fixed in 9221b08. Aligned the CRA-ASSESSMENT.md Classification Selections table Availability from "Moderate" → "High" to match the README.md declaration (High — 99.998% design availability with AWS CloudFront multi-region + GitHub Pages DR, automated failover) and the OSP §5 CIA Triad declaration ("Public / High Integrity / High Availability"), per Hack23 ISMS CLASSIFICATION.md availability levels.

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[Copilot]

Pull request overview

This PR updates Riksdagsmonitor’s compliance and architecture documentation to explicitly align with Hack23 ISMS policies (notably Open Source Policy and CRA Conformity Assessment Process), while also improving TypeDoc configuration/coverage and documentation cross-linking across the architecture portfolio.

Changes:

• Expand CRA and ISMS policy conformity content across CRA-ASSESSMENT.md, README.md, SECURITY_ARCHITECTURE.md, and THREAT_MODEL.md.
• Add/standardize “Related Documents” + ISMS policy reference sections across multiple current/future architecture documents.
• Adjust TypeDoc + tsconfig settings and related repo hygiene (e.g., ignore generated output).

Reviewed changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
typedoc.json	Refines TypeDoc branding, navigation links, tags, and visibility/sorting to improve generated API docs coverage.
tsconfig.typedoc.json	Tightens exclude globs for dashboard scripts and keeps generated api output excluded from compilation.
THREAT_MODEL.md	Adds explicit links to Open Source Policy and CRA Conformity Assessment Process in ISMS policy references.
SWOT.md	Adds a Hack23 ISMS policies reference section for consistency with the architecture portfolio.
STATEDIAGRAM.md	Adds a Hack23 ISMS policies reference section for consistency with the architecture portfolio.
SECURITY_ARCHITECTURE.md	Adds a dedicated ISMS Policy References table and includes CRA Conformity Assessment Process in governance table.
README.md	Adds an “ISMS Policy Alignment” section under security documentation.
MINDMAP.md	Adds a Hack23 ISMS policies reference section for consistency with the architecture portfolio.
FUTURE_THREAT_MODEL.md	Major expansion with future attacker/attack-surface content, plus broader related-doc links and updated document control metadata.
FUTURE_SWOT.md	Adds a related-documents section and Hack23 ISMS policy references.
FUTURE_STATEDIAGRAM.md	Adds a related-documents section and Hack23 ISMS policy references.
FUTURE_SECURITY_ARCHITECTURE.md	Adds a consolidated “Architecture Portfolio” cross-reference table.
FUTURE_MINDMAP.md	Adds a related-documents section and Hack23 ISMS policy references.
FUTURE_DATA_MODEL.md	Adds a related-documents section and Hack23 ISMS policy references.
FUTURE_ARCHITECTURE.md	Updates portfolio table items from “planned” to “active” and adds missing links to existing future docs.
FLOWCHART.md	Adds a related-documents section and Hack23 ISMS policy references.
docs/API_README.md	Reworks compliance/architecture doc pointers into structured tables and adds explicit ISMS policy links.
CRA-ASSESSMENT.md	Adds Open Source Policy conformity section and CRA Conformity Assessment Process alignment matrix + updates document control.
ARCHITECTURE.md	Adds related-documents + ISMS policy references and bumps version/date metadata.
.gitignore	Adds an ignore entry for api/ (TypeDoc output), though an equivalent rule already exists.

[pethers]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Fixed in 80f2ab8. Aligned FUTURE_THREAT_MODEL.md next review date from 2026-06-19 → 2026-05-19 to match the stated quarterly review cycle (Feb, May, Aug, Nov).

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

[github-actions]

🔍 Lighthouse Performance Audit

Category	Score	Status
Performance	85/100	🟡
Accessibility	95/100	🟢
Best Practices	90/100	🟢
SEO	95/100	🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json